What s New in PCI DSS Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 1

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "What s New in PCI DSS 2.0. 2010 Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 1"

Transcription

1 What s New in PCI DSS Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 1

2 Agenda PCI Overview PCI 2.0 Changes PCI Advanced Technology Update PCI Solutions 2010 Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 2

3 PCI Overview 2010 Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 3

4 Quick Security Facts PCI in scope organizations that suffered a data breach not yet PCI compliant attacks were not considered highly difficult breaches caused by internal users (90% deliberate) The vast majority of data breaches would have been prevented if security changes were implemented 2010 Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 4

5 The PCI Data Security Standard Originally published January 2005, current version is 2.0 PCI DSS 2.0 standard becomes mandatory January 1st, 2012 Impacts ALL who Process Transmit Store: cardholder data PCI is a private sector security standard. It is a contract between merchants and banks Payment Card Industry Data Security Standard 2010 Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 5

6 Why Should You Care About PCI First and foremost, it is a tool you can use to secure your business It promotes security awareness throughout the organization Fines can be hefty for non-compliance: AMEX non-filing fees: $50,000 non-compliance fee. Additional $150,000 if not compliant in 30 days. Additional $200,000 if 60 days past due. Termination of contract if more than 60 days plus previous fees. Fines and costs are even heavier for card-number breaches 2010 Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 6

7 Cost of a Data Breach Raising awareness for PCI Industry data helps Specific cost data that is personalized always prevails Use PCI as a mechanism to expose these costs to the business Data breach costs Average cost per breached record: US$204 (was US$138 in 2005) Average cost to a breached organization: US$6.75 million Legal costs up 56% from 2008 due to increase in successful class-action lawsuits and threat thereof Source: Annual Study: Cost of a Data Breach 2010 Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 7

8 MasterCard Merchant Compliance Update Starting 30 June 2011 Level 2 Merchants need to either: Complete annual self-assessment by certified Internal Security Assessor (ISA) or Complete an annual onsite assessment by a QSA Source: Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 8

9 PCI Training The PCI SSC Internal Security Assessor (ISA) Program: PCI DSS training and qualification program 3 day on-site training course with exam Must be a full time employee of an ISA Sponsor Company and qualified as an ISA Passing results in 12 month ISA certification 2-day PCI awareness training available to anyone QSA certification limited to QSA companies/employees 2010 Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 9

10 12 PCI DSS Requirements PCI Data Security Standard Requirements Build and Maintain a Secure Network Protect Cardholder Data Maintain a Vulnerability Management Program Implement Strong Access Control Measures Regularly Monitor and Test Networks 1. Install and maintain a firewall configuration to protect data 2. Do not use vendor-supplied defaults for system passwords and other security requirements 3. Protect stored data 4. Encrypt transmission of cardholder data and sensitive information across public networks 5. Use and regularly update anti-virus software 6. Develop and maintain secure systems and applications 7. Restrict access to data by business need-to-know 8. Assign a unique ID to each person with computer access 9. Restrict physical access to cardholder data 10. Track and monitor all access to network resources and cardholder data 11. Regularly test security systems and processes Maintain an Information Security Policy 12. Maintain a policy that addresses information security 2010 Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 10

11 PCI 2.0 Changes 2010 Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 11

12 PCI 2.0 Change Breakdown by Category 119 changes to provide clarification 15 changes for additional guidance 2 changes that are evolving requirements We will only touch on some of the main ones that we think have some significance 2010 Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 12

13 Methodology for Determining PCI Scope New requirement to annually confirm the accuracy and appropriateness of PCI DSS scope in your environment Fully document your discovery methodology Document the location of your PCI data Make documentation available to assessor 2010 Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 13

14 Virtualization Added to Scope System components also include any virtualization components such as virtual machines, virtual switches/routers, virtual appliances, virtual applications/desktops, and hypervisors. Requirement updated: Where virtualization technologies are in use, implement only one primary function per virtual system component Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 14

15 Wireless Rogue Detection Updates 11.1: Wireless access point detection updated with new methods: Wireless network scans Physical/logical inspections NAC Wireless IDS and IPS 11.1b: Verify wireless test methods for accurate detection of: WLAN cards Portable wireless devices (USB, etc.) Attached wireless devices and access points PCI Note: Whichever methods are used, they must be sufficient to detect and identify any unauthorized wireless devices Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 15

16 Virtualization Updates Guidance All virtual components in scope All virtual communications and data flows must be identified and documented Virtualized environment must maintain proper segmentation Must meet intent of all 12 PCI requirements Authentication Virtual management protocols in system documentation Define roles/permissions Enforce separation of duties and least privilege Distinguish privileges between the guest VMs and the hypervisor Source: PCI council Navigating DSS v2.0.pdf 2010 Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 16

17 Risk Wireless Considerations Physical inspection WIPS Sophistication Clean Air 2010 Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 17

18 SAQ C-VT Added Applies only to merchants who manually enter a single transaction via a keyboard into an Internet-based virtual terminal solution provided by a 3rd party Computer is isolated in a single location, and is not connected to other systems within your environment (this can be achieved via a firewall or network segmentation) Greatly simplified and targeted audit requirements 2010 Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 18

19 Additional 2.0 Developments Vulnerability Risk Ranking: req 6.2 (July 2012) Establish a process to identify and assign a risk ranking to newly discovered security vulnerabilities Secure Coding: req 6.5 Secure development for all applications, not just web More best practice examples sited 2010 Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 19

20 New Information Supplements and Advanced Technology Guidance 2010 Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 20

21 How the Council Approaches Emerging Technology and Change Special Interest Groups (SIGs) Solicits outside studies like the PWC Study Technical Working Group (TWG) Individual brands release guidance or requirements Feedback/input from participating organizations Every single comment during the 1.2 comment period was reviewed! Anyone can submit a question to the https://www.pcisecuritystandards.org/ 2010 Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 21

22 Point-to-Point Encryption Guidance Roadmap focused on encryption at the point-of-interaction (POI) terminal, not site to site (S2S) Roadmap conclusions Validation methods still immature Can simplify PCI; must meet testing validation Will not eliminate PCI; may reduce scope Independent validation of P2PE required Validation requirements guide to be released in Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 22

23 Virtualization Guidance Coming New guidance and mapping document currently in review Guidance likely will include: Common virtualization definition Component definitions and scoping considerations Risks Use cases Recommendations Hotly debated subject is use of mixed mode 2010 Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 23

24 Tokenization Tokenization defined Shifts the risk to the financial institution POS: Still at risk Use cases for tokenization Not a silver bullet 2010 Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 24

25 Chip & Pin EMV defined EMV: face-to-face compared to online transactions Magstripe still accepted PAN not confidential EMV and PCI together Therefore, in securing the current face-to-face acceptance environment one should not consider it to be a case of either EMV or PCI DSS, but rather EMV and PCI DSS. Both are essential elements in the fight against fraud and data exposure. Together they provide the greatest level of security for cardholder data throughout the entire transaction process. PCI DSS Applicability in an EMV Environment: A Guidance Document Version 1, release date October 5, Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 25

26 PCI Design Best Practices How Cisco Can Help with PCI 2010 Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 26

27 PCI DSS 2.0 Scope Definition PCI security requirements apply to all system components. System components are defined as: Any network component, server, or application that is included in or connected to the cardholder data environment. Virtualization components such as virtual machines, virtual switches/routers, virtual appliances, virtual applications/desktops, and hypervisors. The cardholder data environment is that part of the network that possesses cardholder data or sensitive authentication data. Adequate network segmentation, which isolates systems that store, process, or transmit cardholder data from those that do not, may reduce the scope of the cardholder data environment. Source PCI DSS Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 27

28 Scoping with Segmentation Entire Network is in Scope Determine Scope Branch Warehouse Can scope be reduced with segmentation? Data Center WAN Access Wide Area Accelerated Network CORE Server Access Server Access POS Servers inventory Servers Storage Headquarters 2010 Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 28

29 Scoping with Segmentation Entire Network is in Scope Determine Scope Branch Warehouse Can scope be reduced with segmentation? Wide Area Accelerated Network NOT IN PLACE Data Center WAN Access CORE Server Access Server Access POS Servers inventory Servers Entire network is in scope for PCI DSS review Storage Headquarters 2010 Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 29

30 Scoping with Segmentation Determine Scope Entire Network is in Scope Branch Only Devices Passing Card Holder Data Are in Scope Branch Warehouse Warehouse Can scope be reduced with segmentation? NOT IN PLACE IN PLACE Wide Area Accelerated Network Wide Area Accelerated Network Did assessor validate segmentation effectiveness? Data Center WAN Access No Data Center WAN Access Yes CORE Server Access POS Servers Assessor documents segmentation in place and effective Server Access inventory Servers 2010 Cisco and/or its affiliates. All rights reserved. Server Access POS Servers Entire network is in scope for PCI DSS review Storage CORE Headquarters Server Access inventory Servers Scope limited for PCI DSS review Storage Headquarters Cisco Systems, Inc 30

31 Scoping with Segmentation Determine Scope Entire Network is in Scope Branch Only Devices Passing Card Holder Data Are in Scope Branch Warehouse Warehouse Can scope be reduced with segmentation? NOT IN PLACE IN PLACE Wide Area Accelerated Network Wide Area Accelerated Network Did assessor validate segmentation effectiveness? Data Center WAN Access No Data Center WAN Access Yes CORE Server Access POS Servers Assessor documents segmentation in place and effective Server Access inventory Servers 2010 Cisco and/or its affiliates. All rights reserved. Server Access POS Servers Entire network is in scope for PCI DSS review Storage CORE Headquarters Server Access inventory Servers Scope limited for PCI DSS review Audit Performed Storage Headquarters Cisco Systems, Inc 31

32 Approaching PCI Reduce your scope Secure the perimeter of the cardholder data scope Maintain and simplify 2010 Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 32

33 PCI Simplified: A Comprehensive Solution PCI DSS 2.0 Solution Framework Endpoints Point of Sale: Servers, and Applications Voice: Phones and Contact Center Applications Data Loss Prevention Physical : Surveillance and Badge Access Services Administration Authentication Management Encryption Monitoring Assess Design Implement Audit Infrastructure Store Data Center Contact Center Internet Edge Network: Routers, Switches, and Wireless Security: Firewalls and Intrusion Detection 2010 Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 33

34 Cisco PCI Solution Campus or HQ Data Center AGGREGATION INTERNET EDGE WAN Aggregation Core INTERNET POS Servers POS Register PC Mobile POS Service Provider Service Aggregation Adaptive Security Appliance Web App FW DMZ Web Servers VPN Store Catalyst Switch Integrated Services Router LWAPP SERVER ACCESS Access Authentication POS Servers STORAGE MDS 9000 SAN Switches External Locations Network Management Security Management Business Servers Database Disk Arrays POS Servers POS Register PC Mobile POS and Inventory Monitoring Network Services Tape Storage Remote Workers Partners 2010 Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 34

35 Requirement 1: Install and Maintain a Firewall Configuration to Protect Data Campus or HQ Data Center AGGREGATION INTERNET EDGE Security Management: Key Manager Client WAN Aggregation INTERNET Core POS Servers POS Register Payment Devices Mobile POS/ Inventory Service Provider Service Aggregation Adaptive Security Appliance Web App FW DMZ Web Servers VPN Store Security Management: Key Manager Client File Security Adapter + POS Register Integrated Services Router Payment Devices LWAPP Mobile POS and Inventory SERVER ACCESS Access Authentication Network Management: CiscoWorks LMS Security Management: Cisco Security Manager Monitoring: SIEM POS Servers Business Servers Database Network Services STORAGE MDS 9000 SAN Switches Disk Arrays Tape Storage Remote Workers External Locations Partners 2010 Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 35

36 Cisco PCI Design and Implementation Guides Recommended architectures for networks, payment data at rest, and data in transit Cisco PCI Design and Implementation Guide Validated Design Small Retail Store Testing in a simulated retail enterprise, which includes POS terminals, application servers, wireless devices, Internet connection, and security systems Configuration, monitoring, and authentication management systems Design was validated by a third-party QSA 2010 Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 36

37 Cisco PCI Compliance Professional Services Penetration and Vulnerability Testing (Req. 11) Business Risk Analysis Technical Control Mapping Security Management Program Analysis Cisco Security Posture Assessment (SPA) Service performs penetration testing on the customer s network to determine gaps in the network, holes, and vulnerabilities that can be used to attack the system. This is a PCI requirement that must be performed regularly Cisco IT GRC Assessment Service addresses PCI (and other relevant regulations) to determine scope and risk to the business Analysis of the security controls in place and whether they meet the PCI requirements as designed and implemented Review of customer security management program and assessment against PCI standards and ISO (27001 and 38500) to identify areas for improvement 2010 Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 37

38 In Summary PCI Overview: Update on new PCI lifecycle and overview of changes PCI Obstacles: Advanced technologies still being investigated, driving need for end-to-end solution PCI Solution: PCI simplified with Cisco 2010 Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 38

39 Important URLs Cisco PCI Resources PCI Design and Implementation Guide Retail PCI Security Standards Council Bank Heist Case Study Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 39

40 Q and A 2010 Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 40

41

Josiah Wilkinson Internal Security Assessor. Nationwide

Josiah Wilkinson Internal Security Assessor. Nationwide Josiah Wilkinson Internal Security Assessor Nationwide Payment Card Industry Overview PCI Governance/Enforcement Agenda PCI Data Security Standard Penalties for Non-Compliance Keys to Compliance Challenges

More information

Puzzled about PCI compliance? Proactive ways to navigate through the standard for compliance

Puzzled about PCI compliance? Proactive ways to navigate through the standard for compliance Puzzled about PCI compliance? Proactive ways to navigate through the standard for compliance March 29, 2012 1:00 p.m. ET If you experience any technical difficulties, please contact 888.228.0988 or support@learnlive.com

More information

Why Is Compliance with PCI DSS Important?

Why Is Compliance with PCI DSS Important? Why Is Compliance with PCI DSS Important? The members of PCI Security Standards Council (American Express, Discover, JCB, MasterCard, and Visa) continually monitor cases of account data compromise. These

More information

PDQ Guide for the PCI Data Security Standard Self-Assessment Questionnaire C (Version 1.1)

PDQ Guide for the PCI Data Security Standard Self-Assessment Questionnaire C (Version 1.1) PDQ has created an Answer Guide for the Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire C to help wash operators complete questionnaires. Part of the Access Customer Management

More information

Becoming PCI Compliant

Becoming PCI Compliant Becoming PCI Compliant Jason Brown - brownj52@michigan.gov Enterprise Security Architect Enterprise Architecture Department of Technology, Management and Budget State of Michigan @jasonbrown17 History

More information

Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015

Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015 Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015 I. PURPOSE The purpose of this policy is to establish guidelines for processing charges on Payment Cards to protect

More information

PCI DSS Overview. By Kishor Vaswani CEO, ControlCase

PCI DSS Overview. By Kishor Vaswani CEO, ControlCase PCI DSS Overview By Kishor Vaswani CEO, ControlCase Agenda About PCI DSS PCI DSS Applicability to Banks, Merchants and Service Providers PCI DSS Technical Requirements Overview of PCI DSS 3.0 Changes Key

More information

Enforcing PCI Data Security Standard Compliance

Enforcing PCI Data Security Standard Compliance Enforcing PCI Data Security Standard Compliance Marco Misitano, CISSP, CISA, CISM Business Development Manager Security & VideoSurveillance Cisco Italy 2008 Cisco Systems, Inc. All rights reserved. 1 The

More information

PCI Security Compliance

PCI Security Compliance E N T E R P R I S E Enterprise Security Solutions PCI Security Compliance : What PCI security means for your business The Facts Comodo HackerGuardian TM PCI and the Online Merchant Overview The Payment

More information

Strategies To Effective PCI Scoping ISACA Columbus Chapter Presentation October 2008

Strategies To Effective PCI Scoping ISACA Columbus Chapter Presentation October 2008 Strategies To Effective PCI Scoping ISACA Columbus Chapter Presentation October 2008 Matthew T. Davis SecureState, LLC mdavis@securestate.com SecureState Founded in 2001, Based on Cleveland Specialized

More information

PCI Requirements Coverage Summary Table

PCI Requirements Coverage Summary Table StillSecure PCI Complete Managed PCI Compliance Solution PCI Requirements Coverage Summary Table January 2013 Table of Contents Introduction... 2 Coverage assumptions for PCI Complete deployments... 2

More information

PCI Compliance. Crissy Sampier, Longwood University Edward Ko, CampusGuard

PCI Compliance. Crissy Sampier, Longwood University Edward Ko, CampusGuard PCI Compliance Crissy Sampier, Longwood University Edward Ko, CampusGuard Agenda Introductions PCI DSS 101 Chip Cards (EMV) Longwood s PCI DSS Journey Breach Statistics Shortcuts to PCI DSS Compliance

More information

Adyen PCI DSS 3.0 Compliance Guide

Adyen PCI DSS 3.0 Compliance Guide Adyen PCI DSS 3.0 Compliance Guide February 2015 Page 1 2015 Adyen BV www.adyen.com Disclaimer: This document is for guidance purposes only. Adyen does not accept responsibility for any inaccuracies. Merchants

More information

PCI Compliance at The University of South Carolina. Failure is not an option. Rick Lambert PMP University of South Carolina ricklambert@sc.

PCI Compliance at The University of South Carolina. Failure is not an option. Rick Lambert PMP University of South Carolina ricklambert@sc. PCI Compliance at The University of South Carolina Failure is not an option Rick Lambert PMP University of South Carolina ricklambert@sc.edu Payment Card Industry Data Security Standard (PCI DSS) Who Must

More information

PCI DSS Compliance for Cloud-Based Contact Centers Mitigating Liability through the Standardization of Processes for cloud-based contact centers.

PCI DSS Compliance for Cloud-Based Contact Centers Mitigating Liability through the Standardization of Processes for cloud-based contact centers. PCI DSS Compliance for Cloud-Based Contact Centers Mitigating Liability through the Standardization of Processes for cloud-based contact centers. White Paper January 2013 1 INTRODUCTION The PCI SSC (Payment

More information

CHEAT SHEET: PCI DSS 3.1 COMPLIANCE

CHEAT SHEET: PCI DSS 3.1 COMPLIANCE CHEAT SHEET: PCI DSS 3.1 COMPLIANCE WHAT IS PCI DSS? Payment Card Industry Data Security Standard Information security standard for organizations that handle data for debit, credit, prepaid, e-purse, ATM,

More information

PCI Compliance 3.1. About Us

PCI Compliance 3.1. About Us PCI Compliance 3.1 University of Hawaii About Us Helping organizations comply with mandates, recover from security breaches, and prevent data theft since 2000. Certified to conduct all major PCI compliance

More information

Comodo HackerGuardian. PCI Security Compliance The Facts. What PCI security means for your business

Comodo HackerGuardian. PCI Security Compliance The Facts. What PCI security means for your business Comodo HackerGuardian PCI Security Compliance The Facts What PCI security means for your business Overview The Payment Card Industry Data Security Standard (PCI DSS) is a set of 12 requirements intended

More information

PCI Compliance for Branch Offices: Using Router-Based Security to Protect Cardholder Data

PCI Compliance for Branch Offices: Using Router-Based Security to Protect Cardholder Data White Paper PCI Compliance for Branch Offices: Using Router-Based Security to Protect Cardholder Data Using credit cards to pay for goods and services is a common practice. Credit cards enable easy and

More information

PCI Compliance. Top 10 Questions & Answers

PCI Compliance. Top 10 Questions & Answers PCI Compliance Top 10 Questions & Answers 1. What is PCI Compliance and PCI DSS? 2. Who needs to follow the PCI Data Security Standard? 3. What happens if I don t comply? 4. What are the basic requirements

More information

PCI Requirements Coverage Summary Table

PCI Requirements Coverage Summary Table StillSecure PCI Complete Managed PCI Compliance Solution PCI Requirements Coverage Summary Table December 2011 Table of Contents Introduction... 2 Coverage assumptions for PCI Complete deployments... 2

More information

PCI Compliance Top 10 Questions and Answers

PCI Compliance Top 10 Questions and Answers Where every interaction matters. PCI Compliance Top 10 Questions and Answers White Paper October 2013 By: Peer 1 Hosting Product Team www.peer1.com Contents What is PCI Compliance and PCI DSS? 3 Who needs

More information

PCI-DSS: A Step-by-Step Payment Card Security Approach. Amy Mushahwar & Mason Weisz

PCI-DSS: A Step-by-Step Payment Card Security Approach. Amy Mushahwar & Mason Weisz PCI-DSS: A Step-by-Step Payment Card Security Approach Amy Mushahwar & Mason Weisz The PCI-DSS in a Nutshell It mandates security processes for handling, processing, storing and transmitting payment card

More information

PCI DSS FAQ. The twelve requirements of the PCI DSS are defined as follows:

PCI DSS FAQ. The twelve requirements of the PCI DSS are defined as follows: What is PCI DSS? PCI DSS is an acronym for Payment Card Industry Data Security Standards. PCI DSS is a global initiative intent on securing credit and banking transactions by merchants & service providers

More information

Whitepaper. PCI Compliance: Protect Your Business from Data Breach

Whitepaper. PCI Compliance: Protect Your Business from Data Breach Merchants often underestimate the financial impact of a breach. Direct costs include mandatory forensic audits, credit card replacement, fees, fines and breach remediation. PCI Compliance: Protect Your

More information

Credit Card Secure Architecture for Interactive Voice Response (IVR) Applications

Credit Card Secure Architecture for Interactive Voice Response (IVR) Applications Credit Card Secure Architecture for Interactive Voice Response (IVR) Applications What You Will Learn This whitepaper describes how to meet the Payment Card Industry Data Security Standard (PCI DSS) for

More information

PCI DSS 3.0 Changes Bill Franklin Executive IT Auditor bfranklin@compassitc.com January 23, 2014

PCI DSS 3.0 Changes Bill Franklin Executive IT Auditor bfranklin@compassitc.com January 23, 2014 PCI DSS 3.0 Changes Bill Franklin Executive IT Auditor bfranklin@compassitc.com January 23, 2014 Agenda Introduction PCI DSS 3.0 Changes What Can I Do to Prepare? When Do I Need to be Compliant? Questions

More information

Two Approaches to PCI-DSS Compliance

Two Approaches to PCI-DSS Compliance Disclaimer Copyright Michael Chapple and Jane Drews, 2006. This work is the intellectual property of the authors. Permission is granted for this material to be shared for non-commercial, educational purposes,

More information

ARE YOU REALLY PCI DSS COMPLIANT? Case Studies of PCI DSS Failure! Jeff Foresman, PCI-QSA, CISSP Partner PONDURANCE

ARE YOU REALLY PCI DSS COMPLIANT? Case Studies of PCI DSS Failure! Jeff Foresman, PCI-QSA, CISSP Partner PONDURANCE ARE YOU REALLY PCI DSS COMPLIANT? Case Studies of PCI DSS Failure! Jeff Foresman, PCI-QSA, CISSP Partner PONDURANCE AGENDA PCI DSS Basics Case Studies of PCI DSS Failure! Common Problems with PCI DSS Compliance

More information

PCI Compliance. How to Meet Payment Card Industry Compliance Standards. May 2015. cliftonlarsonallen.com. 2015 CliftonLarsonAllen LLP

PCI Compliance. How to Meet Payment Card Industry Compliance Standards. May 2015. cliftonlarsonallen.com. 2015 CliftonLarsonAllen LLP 2015 CliftonLarsonAllen LLP PCI Compliance How to Meet Payment Card Industry Compliance Standards May 2015 cliftonlarsonallen.com Overview PCI DSS In the beginning Each major card brand had its own separate

More information

PCI COMPLIANCE REQUIREMENTS COMPLIANCE CALENDAR

PCI COMPLIANCE REQUIREMENTS COMPLIANCE CALENDAR PCI COMPLIANCE REQUIREMENTS COMPLIANCE CALENDAR AUTHOR: UDIT PATHAK SENIOR SECURITY ANALYST udit.pathak@niiconsulting.com Public Network Intelligence India 1 Contents 1. Background... 3 2. PCI Compliance

More information

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance All other SAQ-Eligible Merchants and Service Providers Version 2.0 October 2010 Document

More information

Case 2:13-cv-01887-ES-JAD Document 282-2 Filed 12/09/15 Page 1 of 116 PageID: 4879. Appendix A

Case 2:13-cv-01887-ES-JAD Document 282-2 Filed 12/09/15 Page 1 of 116 PageID: 4879. Appendix A Case 2:13-cv-01887-ES-JAD Document 282-2 Filed 12/09/15 Page 1 of 116 PageID: 4879 Appendix A Case 2:13-cv-01887-ES-JAD Document 282-2 Filed 12/09/15 Page 2 of 116 PageID: 4880 Payment Card Industry (PCI)

More information

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire Instructions and Guidelines Version 2.0 October 2010 Document Changes Date Version Description October 1, 2008 1.2 October

More information

PC-DSS Compliance Strategies. 2011 NDUS CIO Retreat July 27, 2011 Theresa Semmens, CISA

PC-DSS Compliance Strategies. 2011 NDUS CIO Retreat July 27, 2011 Theresa Semmens, CISA PC-DSS Compliance Strategies 2011 NDUS CIO Retreat July 27, 2011 Theresa Semmens, CISA True or False Now that my institution has outsourced credit card processing, I don t have to worry about compliance?

More information

Whitepaper. PCI Compliance: Protect Your Business from Data Breach

Whitepaper. PCI Compliance: Protect Your Business from Data Breach Merchants often underestimate the financial impact of a breach. Direct costs include mandatory forensic audits, credit card replacement, fees, fines and breach remediation. PCI Compliance: Protect Your

More information

PCI Compliance Overview

PCI Compliance Overview PCI Compliance Overview 1 PCI DSS Payment Card Industry Data Security Standard Standard that is applied to: Merchants Service Providers (Banks, Third party vendors, gateways) Systems (Hardware, software)

More information

Credit Card Processing Overview

Credit Card Processing Overview CardControl 3.0 Credit Card Processing Overview Overview Credit card processing is a very complex and important system for anyone that sells goods. This guide will hopefully help educate and inform new

More information

Payment Card Industry Data Security Standard Training. Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc.

Payment Card Industry Data Security Standard Training. Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc. Payment Card Industry Data Security Standard Training Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc. March 27, 2012 Agenda Check-In 9:00-9:30 PCI Intro and History

More information

New PCI Standards Enhance Security of Cardholder Data

New PCI Standards Enhance Security of Cardholder Data December 2013 New PCI Standards Enhance Security of Cardholder Data By Angela K. Hipsher, CISA, QSA, Jeff A. Palgon, CPA, CISSP, QSA, and Craig D. Sullivan, CPA, CISA, QSA Payment cards a favorite target

More information

PCI Compliance. What is New in Payment Card Industry Compliance Standards. October 2015. cliftonlarsonallen.com. 2015 CliftonLarsonAllen LLP

PCI Compliance. What is New in Payment Card Industry Compliance Standards. October 2015. cliftonlarsonallen.com. 2015 CliftonLarsonAllen LLP cliftonlarsonallen.com PCI Compliance What is New in Payment Card Industry Compliance Standards October 2015 Overview PCI DSS In the beginning Each major card brand had its own separate criteria for implementing

More information

Tokenization Amplified XiIntercept. The ultimate PCI DSS cost & scope reduction mechanism

Tokenization Amplified XiIntercept. The ultimate PCI DSS cost & scope reduction mechanism Tokenization Amplified XiIntercept The ultimate PCI DSS cost & scope reduction mechanism Paymetric White Paper Tokenization Amplified XiIntercept 2 Table of Contents Executive Summary 3 PCI DSS 3 The PCI

More information

PCI DSS 101 FOR CTOs AND BUSINESS EXECUTIVES

PCI DSS 101 FOR CTOs AND BUSINESS EXECUTIVES PCI DSS 101 FOR CTOs AND BUSINESS EXECUTIVES CUTTING THROUGH THE COMPLEXITY AND CONFUSION Over the years, South African retailers have come under increased pressure to gain PCI DSS (Payment Card Industry

More information

Are You Ready For PCI v 3.0. Speaker: Corbin DelCarlo Institution: McGladrey LLP Date: October 6, 2014

Are You Ready For PCI v 3.0. Speaker: Corbin DelCarlo Institution: McGladrey LLP Date: October 6, 2014 Are You Ready For PCI v 3.0 Speaker: Corbin DelCarlo Institution: McGladrey LLP Date: October 6, 2014 Today s Presenter Corbin Del Carlo QSA, PA QSA Director, National Leader PCI Services Practice 847.413.6319

More information

PCI Security Standards Council

PCI Security Standards Council PCI Security Standards Council Jeremy King, European Director 2013 Why PCI Matters Applying PCI How You Can Participate Agenda 2 Why PCI Matters Applying PCI How You Can Participate Agenda About the PCI

More information

Worldpay s guide to the Payment Card Industry Data Security Standard (PCI DSS)

Worldpay s guide to the Payment Card Industry Data Security Standard (PCI DSS) Worldpay s guide to the Payment Card Industry Data Security Standard (PCI DSS) What is PCI DSS? The 12 Requirements Becoming compliant with SaferPayments Understanding the jargon SaferPayments Be smart.

More information

1/18/10. Walt Conway. PCI DSS in Context. Some History The Digital Dozen Key Players Cardholder Data Outsourcing Conclusions. PCI in Higher Education

1/18/10. Walt Conway. PCI DSS in Context. Some History The Digital Dozen Key Players Cardholder Data Outsourcing Conclusions. PCI in Higher Education PCI in Higher Education Walter Conway, QSA 403 Labs, LLC Walt Conway PCI consultant, blogger, trainer, speaker, author Former Visa VP Help schools become PCI compliant Represent Higher Education at PCI

More information

A MERCHANTS GUIDE TO THE PAYMENT APPLICATION DATA SECURITY STANDARD (PA-DSS)

A MERCHANTS GUIDE TO THE PAYMENT APPLICATION DATA SECURITY STANDARD (PA-DSS) A MERCHANTS GUIDE TO THE PAYMENT APPLICATION DATA SECURITY STANDARD (PA-DSS) The mandatory guide for storing, processing or transmitting cardholder information Overview and applicability Any application

More information

Frequently Asked Questions

Frequently Asked Questions PCI Compliance Frequently Asked Questions Table of Content GENERAL INFORMATION... 2 PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS)...2 Are all merchants and service providers required to comply

More information

PCI Data Security Standards (DSS)

PCI Data Security Standards (DSS) ENTERPRISE APPLICATION WHITELISTING SOLUTION Achieving PCI Compliance at the Point of Sale Using Bit9 Parity TM to Protect Cardholder Data PCI: Protecting Cardholder Data As the technology used by merchants

More information

PCI v2.0 Compliance for Wireless LAN

PCI v2.0 Compliance for Wireless LAN PCI v2.0 Compliance for Wireless LAN November 2011 This white paper describes how to build PCI v2.0 compliant wireless LAN using Meraki. Copyright 2011 Meraki, Inc. All rights reserved. Trademarks Meraki

More information

PCI Solution for Retail: Addressing Compliance and Security Best Practices

PCI Solution for Retail: Addressing Compliance and Security Best Practices PCI Solution for Retail: Addressing Compliance and Security Best Practices Executive Summary The Payment Card Industry (PCI) Data Security Standard has been revised to address an evolving risk environment

More information

North Carolina Office of the State Controller Technology Meeting

North Carolina Office of the State Controller Technology Meeting PCI DSS Security Awareness Training North Carolina Office of the State Controller Technology Meeting April 30, 2014 agio.com A Note on Our New Name Secure Enterprise Computing was acquired as the Security

More information

CardControl. Credit Card Processing 101. Overview. Contents

CardControl. Credit Card Processing 101. Overview. Contents CardControl Credit Card Processing 101 Overview Credit card processing is a very complex and important system for anyone that sells goods. This guide will hopefully help educate and inform new and old

More information

A PCI Journey with Wichita State University

A PCI Journey with Wichita State University A PCI Journey with Wichita State University Blaine Linehan System Software Analyst III Financial Operations & Business Technology Division of Administration & Finance 1 Question #1 How many of you know

More information

So you want to take Credit Cards!

So you want to take Credit Cards! So you want to take Credit Cards! Payment Card Industry - Data Security Standard: (PCI-DSS) Doug Cox GSEC, CPTE, PCI/ISA, MBA dcox@umich.edu Data Security Analyst University of Michigan PCI in Higher Ed

More information

Initial Roadmap: Point-to-Point Encryption Technology and PCI DSS Compliance

Initial Roadmap: Point-to-Point Encryption Technology and PCI DSS Compliance Emerging Technology Whitepaper Initial Roadmap: Point-to-Point Encryption Technology and PCI DSS Compliance For Transmissions of Cardholder Data and Sensitive Authentication Data Program Guide Version

More information

PCI DSS Compliance What Texas BUC$ Need to Know! Ron King CampusGuard rking@campusguard.com

PCI DSS Compliance What Texas BUC$ Need to Know! Ron King CampusGuard rking@campusguard.com PCI DSS Compliance What Texas BUC$ Need to Know! Ron King CampusGuard rking@campusguard.com Whoops!...3.1 Changes 3.1 PCI DSS Responsibility Information Technology Business Office PCI DSS Work Information

More information

PCI DSS Compliance. 2015 Information Pack for Merchants

PCI DSS Compliance. 2015 Information Pack for Merchants PCI DSS Compliance 2015 Information Pack for Merchants This pack contains general information regarding PCI DSS compliance and does not take into account your business' particular requirements. ANZ recommends

More information

Visa Account Information Security Tool Kit. Welcome to the Visa Account Information Security Program

Visa Account Information Security Tool Kit. Welcome to the Visa Account Information Security Program Visa Account Information Security Tool Kit Welcome to the Visa Account Information Security Program 2 Contents 1. Securing cardholder data is everyone s concern 4 2. Visa Account Information Security (AIS)

More information

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire Instructions and Guidelines Version 3.2 May 2016 Document Changes Date Version Description October 1, 2008 1.2 October 28,

More information

MasterCard PCI & Site Data Protection (SDP) Program Update. Academy of Risk Management Innovate. Collaborate. Educate.

MasterCard PCI & Site Data Protection (SDP) Program Update. Academy of Risk Management Innovate. Collaborate. Educate. MasterCard PCI & Site Data Protection (SDP) Program Update Academy of Risk Management Innovate. Collaborate. Educate. The Payment Card Industry Security Standards Council (PCI SSC) Open, Global Forum Founded

More information

Thoughts on PCI DSS 3.0. September, 2014

Thoughts on PCI DSS 3.0. September, 2014 Thoughts on PCI DSS 3.0 September, 2014 Speaker Today Jeff Sanchez is a Managing Director in Protiviti s Los Angeles office. He joined Protiviti in 2002 after spending 10 years with Arthur Andersen s Technology

More information

Key Steps to Meeting PCI DSS 2.0 Requirements Using Sensitive Data Discovery and Masking

Key Steps to Meeting PCI DSS 2.0 Requirements Using Sensitive Data Discovery and Masking Key Steps to Meeting PCI DSS 2.0 Requirements Using Sensitive Data Discovery and Masking SUMMARY The Payment Card Industry Data Security Standard (PCI DSS) defines 12 high-level security requirements directed

More information

Protecting Cardholder Data Throughout Your Enterprise While Reducing the Costs of PCI Compliance

Protecting Cardholder Data Throughout Your Enterprise While Reducing the Costs of PCI Compliance Payment Security White Paper Protecting Cardholder Data Throughout Your Enterprise While Reducing the Costs of PCI Compliance Breaches happen across all industries as thieves look for vulnerabilities.

More information

University of Sunderland Business Assurance PCI Security Policy

University of Sunderland Business Assurance PCI Security Policy University of Sunderland Business Assurance PCI Security Policy Document Classification: Public Policy Reference Central Register IG008 Policy Reference Faculty / Service IG 008 Policy Owner Chief Financial

More information

Trend Micro VMware Solution Guide Summary for Payment Card Industry Data Security Standard

Trend Micro VMware Solution Guide Summary for Payment Card Industry Data Security Standard Partner Addendum Trend Micro VMware Solution Guide Summary for Payment Card Industry Data Security Standard The findings and recommendations contained in this document are provided by VMware-certified

More information

PAYMENT CARD INDUSTRY (PCI) ANNUAL TRAINING DECEMBER 10, 2009 WESTERN ILLINOIS UNIVERSITY OFFICE OF THE CTSO & BUSINESS SERVICES

PAYMENT CARD INDUSTRY (PCI) ANNUAL TRAINING DECEMBER 10, 2009 WESTERN ILLINOIS UNIVERSITY OFFICE OF THE CTSO & BUSINESS SERVICES PAYMENT CARD INDUSTRY (PCI) ANNUAL TRAINING DECEMBER 10, 2009 WESTERN ILLINOIS UNIVERSITY OFFICE OF THE CTSO & BUSINESS SERVICES AGENDA PCI Players and Roles Merchant Requirements Keys To Successful PCI

More information

PCI Compliance 2012 - The Road Ahead. October 2012 Hari Shah & Parthiv Sheth

PCI Compliance 2012 - The Road Ahead. October 2012 Hari Shah & Parthiv Sheth PCI Compliance 2012 - The Road Ahead October 2012 Hari Shah & Parthiv Sheth What s the latest? Point-to-Point Encryption (P2PE) Program Guide Updated Solution Requirements and Testing Procedures for hardware-based

More information

AISA Sydney 15 th April 2009

AISA Sydney 15 th April 2009 AISA Sydney 15 th April 2009 Where PCI stands today: Who needs to do What, by When Presented by: David Light Sense of Security Pty Ltd Agenda Overview of PCI DSS Compliance requirements What & When Risks

More information

PCI Data Security Standards

PCI Data Security Standards PCI Data Security Standards An Introduction to Bankcard Data Security Why should we worry? Since 2005, over 500 million customer records have been reported as lost or stolen 1 In 2010 alone, over 134 million

More information

Presented By: Bryan Miller CCIE, CISSP

Presented By: Bryan Miller CCIE, CISSP Presented By: Bryan Miller CCIE, CISSP Introduction Why the Need History of PCI Terminology The Current Standard Who Must Be Compliant and When What Makes this Standard Different Roadmap to Compliance

More information

It Won t Happen To Me! A Network and PCI Security Webinar Presented By FMS and VendorSafe

It Won t Happen To Me! A Network and PCI Security Webinar Presented By FMS and VendorSafe It Won t Happen To Me! A Network and PCI Security Webinar Presented By FMS and VendorSafe Agenda Who Is VendorSafe Technologies? It Won t Happen to Me! PCI DSS Overview The VendorSafe Solution Questions

More information

PCI Risks and Compliance Considerations

PCI Risks and Compliance Considerations PCI Risks and Compliance Considerations July 21, 2015 Stephen Ramminger, Senior Business Operations Manager, ControlScan Jon Uyterlinde, Product Manager, Merchant Services, SVB Agenda 1 2 3 4 5 6 7 8 Introduction

More information

PCI Compliance: How to ensure customer cardholder data is handled with care

PCI Compliance: How to ensure customer cardholder data is handled with care PCI Compliance: How to ensure customer cardholder data is handled with care Choosing a safe payment process for your business Contents Contents 2 Executive Summary 3 PCI compliance and accreditation 4

More information

PCI DSS 3.0 Overview. OSU Business Affairs Business Affairs PIT Crew - Project, Improvement, & Technology Robin Whitlock

PCI DSS 3.0 Overview. OSU Business Affairs Business Affairs PIT Crew - Project, Improvement, & Technology Robin Whitlock PCI DSS 3.0 Overview OSU Business Affairs Business Affairs PIT Crew - Project, Improvement, & Technology Robin Whitlock 01/16/2015 Purpose of Today s Presentation To provide an overview of PCI 3.0 based

More information

INFORMATION TECHNOLOGY FLASH REPORT

INFORMATION TECHNOLOGY FLASH REPORT INFORMATION TECHNOLOGY FLASH REPORT Understanding PCI DSS Version 3.0 Key Changes and New Requirements November 8, 2013 On November 7, 2013, the PCI Security Standards Council (PCI SSC) announced the release

More information

Payment Card Industry (PCI) Data Security Standard (DSS) Motorola PCI Security Assessment

Payment Card Industry (PCI) Data Security Standard (DSS) Motorola PCI Security Assessment Payment Card Industry (PCI) Data Security Standard (DSS) Motorola PCI Security Assessment Retail establishments have always been a favorite target of thieves and shoplifters, but today s worst criminals

More information

PCI DSS Security Awareness Training for University of Tennessee Credit Card Merchants. UT System Administration Information Security Office

PCI DSS Security Awareness Training for University of Tennessee Credit Card Merchants. UT System Administration Information Security Office PCI DSS Security Awareness Training for University of Tennessee Credit Card Merchants UT System Administration Information Security Office Agenda Overview of PCI DSS Compliance versus Non-Compliance PCI

More information

Varonis Systems & The Payment Card Industry Data Security Standard (PCI DSS)

Varonis Systems & The Payment Card Industry Data Security Standard (PCI DSS) CONTENTS OF THIS WHITE PAPER Overview... 1 Background... 1 Who Needs To Comply... 1 What Is Considered Sensitive Data... 2 What Are the Costs/Risks of Non-Compliance... 2 How Varonis Helps With PCI Compliance...

More information

Payment Card Industry (PCI) Data Security Standard. Attestation of Compliance for Self-Assessment Questionnaire C-VT. Version 2.0

Payment Card Industry (PCI) Data Security Standard. Attestation of Compliance for Self-Assessment Questionnaire C-VT. Version 2.0 Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Self-Assessment Questionnaire C-VT Version 2.0 October 2010 Attestation of Compliance, SAQ C-VT Instructions for Submission

More information

PCI DSS Payment Card Industry Data Security Standard. Merchant compliance guidelines for level 4 merchants

PCI DSS Payment Card Industry Data Security Standard. Merchant compliance guidelines for level 4 merchants Appendix 2 PCI DSS Payment Card Industry Data Security Standard Merchant compliance guidelines for level 4 merchants CONTENTS 1. What is PCI DSS? 2. Why become compliant? 3. What are the requirements?

More information

Payment Card Industry - Data Security Standard (PCI-DSS) Security Policy

Payment Card Industry - Data Security Standard (PCI-DSS) Security Policy Payment Card Industry - Data Security Standard () Security Policy Version 1-0-0 3 rd February 2014 University of Leeds 2014 The intellectual property contained within this publication is the property of

More information

Payment Card Industry Data Security Standard (PCI DSS) Q & A November 6, 2008

Payment Card Industry Data Security Standard (PCI DSS) Q & A November 6, 2008 Payment Card Industry Data Security Standard (PCI DSS) Q & A November 6, 2008 What is the PCI DSS? And what do the acronyms CISP, SDP, DSOP and DISC stand for? The PCI DSS is a set of comprehensive requirements

More information

Technology Innovation Programme

Technology Innovation Programme FACT SHEET Technology Innovation Programme The Visa Europe Technology Innovation Programme () was designed to complement the Payment Card Industry (PCI) Data Security Standard (DSS) by reflecting the risk

More information

How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements

How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements I n t r o d u c t i o n The Payment Card Industry Data Security Standard (PCI DSS) was developed in 2004 by the PCI Security Standards

More information

Data Security Requirements for K-12 January 28, 2010. Payment Card Industry (PCI)

Data Security Requirements for K-12 January 28, 2010. Payment Card Industry (PCI) CUR RITY SE Data Security Requirements for K-12 January 28, 2010 Payment Card Industry (PCI) SE CUR RITY 1 Welcome To Join The Voice Conference Dial 866-939-3921 Technical issues press 0 Q & A We ll leave

More information

PCI DATA SECURITY STANDARD OVERVIEW

PCI DATA SECURITY STANDARD OVERVIEW PCI DATA SECURITY STANDARD OVERVIEW According to Visa, All members, merchants and service providers must adhere to the Payment Card Industry (PCI) Data Security Standard. In order to be PCI compliant,

More information

SAQ D Compliance. Scott St. Aubin Senior Security Consultant QSA, CISM, CISSP

SAQ D Compliance. Scott St. Aubin Senior Security Consultant QSA, CISM, CISSP SAQ D Compliance Scott St. Aubin Senior Security Consultant QSA, CISM, CISSP Ground Rules WARNING: Potential Death by PowerPoint Interaction Get clarification Share your institution s questions, challenges,

More information

PCI DSS. CollectorSolutions, Incorporated

PCI DSS. CollectorSolutions, Incorporated PCI DSS Robert Cothran President CollectorSolutions www.collectorsolutions.com CollectorSolutions, Incorporated Founded as Florida C corporation in 1999 Approximately 235 clients in 35 states Targeted

More information

BAE Systems PCI Essentail. PCI Requirements Coverage Summary Table

BAE Systems PCI Essentail. PCI Requirements Coverage Summary Table BAE Systems PCI Essentail PCI Requirements Coverage Summary Table Introduction BAE Systems PCI Essential solution can help your company significantly reduce the costs and complexity of meeting PCI compliance

More information

Did you know your security solution can help with PCI compliance too?

Did you know your security solution can help with PCI compliance too? Did you know your security solution can help with PCI compliance too? High-profile data losses have led to increasingly complex and evolving regulations. Any organization or retailer that accepts payment

More information

Payment Card Industry Data Security Standards

Payment Card Industry Data Security Standards Payment Card Industry Data Security Standards The payment card industry data security standard PCI DSS Visa and MasterCard have developed the Payment Card Industry Data Security Standard or PCI DSS as

More information

Top 10 PCI Concerns. Jeff Tucker Sr. Security Consultant, Foundstone Professional Services

Top 10 PCI Concerns. Jeff Tucker Sr. Security Consultant, Foundstone Professional Services Top 10 PCI Concerns Jeff Tucker Sr. Security Consultant, Foundstone Professional Services About Jeff Tucker QSA since Spring of 2007, Lead for the Foundstone s PCI Services Security consulting and project

More information

The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance

The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance Date: 07/19/2011 The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance PCI and HIPAA Compliance Defined Understand

More information

PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP

PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP solution brief PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP AWS AND PCI DSS COMPLIANCE To ensure an end-to-end secure computing environment, Amazon Web Services (AWS) employs a shared security responsibility

More information

5 TIPS TO PAY LESS FOR PCI COMPLIANCE

5 TIPS TO PAY LESS FOR PCI COMPLIANCE Ebook 5 TIPS TO PAY LESS FOR PCI COMPLIANCE SIMPLE STEPS TO REDUCE YOUR PCI SCOPE 2015 SecurityMetrics 5 TIPS TO PAY LESS FOR PCI COMPLIANCE 1 5 TIPS TO PAY LESS FOR PCI COMPLIANCE SIMPLE STEPS TO REDUCE

More information

Payment Card Industry Compliance Overview

Payment Card Industry Compliance Overview January 31, 2014 11:30am 12:30pm Central Hosted by: Texas.gov Presented by: Jayne Holland Barbara Brinson Payment Card Industry Compliance Overview Securing Government Payments Audio Dial In: 866-740-1260

More information

PCI DSS Presentation University of Cincinnati

PCI DSS Presentation University of Cincinnati PCI DSS Presentation University of Cincinnati Quick PCI Level Set Higher Ed Challenges Getting Compliant Application w/ customers Q& A PCI DSS Payment Card Industry Data Security Standard What is the PCI

More information

Payment Card Industry Data Security Standard (PCI DSS) v1.2

Payment Card Industry Data Security Standard (PCI DSS) v1.2 Payment Card Industry Data Security Standard (PCI DSS) v1.2 Joint LA-ISACA and SFV-IIA Meeting February 19, 2009 Presented by Mike O. Villegas, CISA, CISSP 2009-1- Agenda Introduction to PCI DSS Overview

More information